Recent Security Advisories

BIOS & BMC
InsydeH2O | November 8, 2022 : SA-2022050

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022050 | DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. | 7.8 |

InsydeH2O | November 8, 2022 : SA-2022049

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022049 | DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. | 8.2 |

InsydeH2O | November 8, 2022 : SA-2022048

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022048 | DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. | 8.2 |

InsydeH2O | November 8, 2022 : SA-2022047

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022047 | DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). | 7.8 |

InsydeH2O | November 8, 2022 : SA-2022046

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022046 | DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack). | 4.4 |

InsydeH2O | November 8, 2022 : SA-2022045

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022045 | DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to corruption of other ACPI fields and adjacent memory fields (a TOCTOU attack). | 3.9 |

InsydeH2O | November 8, 2022 : SA-2022044

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022044 | DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption (a TOCTOU attack). | 7.5 |

InsydeH2O | November 8, 2022 : SA-2022042

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022042 | DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values (a TOCTOU attack). | 8.2 |

InsydeH2O | November 4, 2022 : SA-2022041

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022041 | Stack buffer overflow vulnerability leads to arbitrary code execution. | 7.6 |

InsydeH2O | November 4, 2022 : SA-2022040

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022040 | Stack buffer overflow vulnerability leads to arbitrary code execution. | 7.7 |

InsydeH2O | November 4, 2022 : SA-2022039

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022039 | Stack buffer overflow vulnerability leads to arbitrary code execution. | 7.7 |

InsydeH2O | September 30, 2022 : SA-2022038

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022038 | Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS. | 3.6 |